Hi All, Firstly I wanted to thank freeradius-devs for the tremendous job they are doing. And to the question itself: I had been planning to configure freeradius to be able to authenticate users by username/password from users-file. 1. I followed the readme-file under certs and made ca, server and client certificates MARK: README states that one has to delete index.txt and serial files, but these are needed when creating new certificates, and have to be recreated prior to generating new certificates!? 2. configured ttls/server cert password in eap.conf and everything worked fine. Then I read somewhere that username/password authentication alone is not secure as some information is passed in clear text?! So I decided to add extra protection by using certificates in addition to username/password. That's where problems started. I added "EAP-TLS-Require-Client-Cert = Yes" in "authorize-section" the default-site in sites-enabled. (I also tried to add it to users-file, which didn't work, what does work is DEFAULT EAP-TLS-Require-Client-Cert := Yes) using Fedora 16 as client, I now had to use certificate, I added earlier created client.pem, but server fails to authenticate with message "unknown ca cert", I also tried to use ca.pem, but with negative result. What could the problem be? Please don't reject the question by saying that everything is documented or at least point to the right document. I'll gladly post any config-files/logs on request. regards, Dan. -- View this message in context: http://freeradius.1045715.n5.nabble.com/freeradius-eap-ttls-user-pass-cert-t... Sent from the FreeRadius - User mailing list archive at Nabble.com.